iOS - Security Module

Note

To provide security validation before authentication, a proper implementation of the SecurityModule protocol is required. Q2MobileCore will interact with your module to determine whether login operations should be allowed based on security policies.

The SecurityModule interface is used when creating a module that needs to perform security checks before allowing user authentication. This module provides security validation to ensure device integrity and prevent unauthorized access.

Security Validation

The module performs security checks for the following scenarios:

  • Device integrity verification
  • App tampering detection
  • Security policy compliance
  • Custom security rule validation

Implementation

Implementing a SecurityModule is straightforward—create a class conforming to the SecurityModule protocol requirements.

SecurityResult Enum
/// Represents the result of a security check operation.
public enum SecurityResult {

    /// Indicates that the security check passed and the operation is allowed.
    case secure

    /// Indicates that the security check failed with an associated error message.
    case insecure(String)
}

SecurityModule Protocol
/// A type that can provide any module to check in for security rules.
/// This protocol defines the interface for modules that perform security validations
/// before allowing certain operations like user login.
public protocol SecurityModule: Module {

    /// Determines if login should be allowed based on security rules.
    /// This method performs various security checks such as device integrity,
    /// app tampering detection, or other security policies defined by the module.
    /// - Returns: SecurityResult indicating whether login is secure or contains security violations
    func allowLogin() -> SecurityResult
}

Sample SecurityModule Implementation
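import Q2ModuleInterfaces

extension Q2MySecurityModule: SecurityModule {

    public func allowLogin() -> SecurityResult {
        // isDeviceSecure() stands for the module's own checks.
        // The string passed to .insecure is the message presented to the user.
        isDeviceSecure() ? .secure : .insecure("reason-for-insecure")
    }
}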

Behind the Scenes

When a user logs in using Password Authentication or SSO Authentication, the module implementing this interface is asked whether the device is secure. If it returns insecure, the user's authentication is blocked and the provided message is presented to the user in the respective authentication UI.

Security Module Behavior

  • No Security Module: When no security module is implemented, no validation occurs and authentication proceeds normally.

  • Multiple Security Modules: When multiple security modules exist from different providers:

    • All modules are evaluated for security validation
    • If any module returns .insecure, the overall result is considered insecure
    • Authentication is blocked if any module reports a security violation
    • Only when all modules return .secure will authentication be allowed
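
The combination rule above, modelled as an added example (this is not Q2MobileCore's own code). The SecurityResult and SecurityModule declarations are local stand-ins for the SDK types, CheckModule, CheckUnavailable and evaluate are hypothetical names, and collecting every message is an assumption, since the page does not say which message is shown when several modules fail.

```swift
import Foundation

// Local stand-ins for the SDK types shown above so this file compiles alone.
// In an app they come from Q2ModuleInterfaces, and SecurityModule also
// inherits from Module (omitted here).
enum SecurityResult: Equatable {
    case secure
    case insecure(String)
}

protocol SecurityModule {
    func allowLogin() -> SecurityResult
}

struct CheckUnavailable: Error {}

// Hypothetical module wrapping one check. It fails closed: a check that
// throws (cannot complete) is reported as insecure, not as secure.
struct CheckModule: SecurityModule {
    let message: String            // shown to the user, so keep it generic
    let check: () throws -> Bool

    func allowLogin() -> SecurityResult {
        let passed = (try? check()) ?? false
        return passed ? .secure : .insecure(message)
    }
}

// Model of the documented rule: every module is evaluated, and login is
// allowed only when all of them return .secure. With no modules there is
// nothing to validate, so login proceeds.
func evaluate(_ modules: [SecurityModule]) -> (allowed: Bool, messages: [String]) {
    var messages: [String] = []
    for module in modules {        // no early exit: all modules are asked
        if case .insecure(let reason) = module.allowLogin() {
            messages.append(reason)
        }
    }
    return (messages.isEmpty, messages)
}

// Constructed sample modules.
let integrity = CheckModule(message: "Device integrity check failed") { true }
let tamper = CheckModule(message: "App integrity check failed") { false }
let policy = CheckModule(message: "Security policy check unavailable") { throw CheckUnavailable() }

print(evaluate([]))                           // no modules registered
print(evaluate([integrity]))                  // every module secure
print(evaluate([integrity, tamper, policy]))  // two modules report insecure
```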